BSD Commit Log Search

   Tickets 335 - 337.

   Pull up the following revisions, requested by martin in ticket #337:

   src/usr.sbin/sysinst/configmenu.c               1.25
   src/usr.sbin/sysinst/install.c                  1.26
   src/usr.sbin/sysinst/net.c                      1.47
   src/usr.sbin/sysinst/upgrade.c                  1.22

   We have SSL trust anchors in base, so make use of them when downloading
   additional items after basic installation is done (even if the installer
   used does not come with its own certs, so we can not verify trust
   for set download).

   Pull up the following revisions, requested by martin in ticket #336:

   src/usr.sbin/sysinst/msg.mi.de                  1.59
   src/usr.sbin/sysinst/msg.mi.en                  1.60
   src/usr.sbin/sysinst/msg.mi.es                  1.50
   src/usr.sbin/sysinst/msg.mi.fr                  1.53
   src/usr.sbin/sysinst/msg.mi.pl                  1.56
   src/usr.sbin/sysinst/util.c                     1.84

   Include "tests" and "manhtml" in the optional sets.

   Pull up the following revisions, requested by martin in ticket #335:

   src/usr.sbin/sysinst/Makefile.inc               1.54
   src/usr.sbin/sysinst/configmenu.c               1.24
   src/usr.sbin/sysinst/defs.h                     1.96
   src/usr.sbin/sysinst/main.c                     1.37
   src/usr.sbin/sysinst/menus.mi                   1.31
   src/usr.sbin/sysinst/net.c                      1.46

   When compiled with SMALLPROG (i.e. as part of a crunched ramdisk
   userland) ftp(1) does not support https - so remove that option from
   sysinst and only offer http in that case.
   Should fix PR 60359.

   Update for expat 2.8.2

   Update for expat 2.8.2

   Merge expat 2.8.2

   Import expat 2.8.2 as expat-2-8-2

TODO: - pitchfork, done

   doc: Updated print/texlab to 5.26.0

   texlab: update to 5.26.0.

   ## [5.26.0] - 2026-06-25

   ### Added

   - Add goto definition support for acronym definitions ([#1568](https://github.com/latex-lsp/texlab/pull/1568))

   ### Fixed

   - Use `texlab.build.pdfDirectory` for Tectonic projects ([#1561](https://github.com/latex-lsp/texlab/issues/1561))
   - Refresh diagnostics when watched files change ([#1552](https://github.com/latex-lsp/texlab/issues/1552))
   - Use current working directory of server when starting `latexindent` ([#1345](https://github.com/latex-lsp/texlab/pull/1345))
   - Handle optional arguments in `\bibitem` commands correctly ([#1549](https://github.com/latex-lsp/texlab/issues/1549))
   - Send `TextEdit` only if `latexindent` changed something ([#1534](https://github.com/latex-lsp/texlab/pull/1534))

   doc: Updated devel/py-ruff to 0.15.20

   py-ruff: update to 0.15.20.

   Preview features

       Allow human-readable names in rule selectors (#25887)
       Emit a warning instead of an error for unknown rule selectors (#26113)
       Match noqa shebang handling in ruff:ignore comments (#26286)
       [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

   Documentation

       Add versioning sections to custom crate READMEs (#26317)
       Update ruff_python_parser README for crates.io (#26315)
       [perflint] Clarify that PERF402 applies to any iterable (#26242)

   doc/TODO: + py-ruff-0.15.20, texlab-5.26.0.

   gpgmepp: do not accept gpgmepp 15

pitchfork: pull sources from crates.io to fix build

   Updated devel/py-filebytes, textproc/py-patiencediff, net/py-hpack, net/py-zeroconf

   py-zeroconf: updated to 0.150.0

   0.150.0 (2026-06-22)

   Features
   - Add async_update_interfaces to rescan network interfaces at runtime

   py-hpack: updated to 4.2.0

   4.2.0 (2026-06-22)

   **API Changes (Backward Incompatible)**

   - Support for Python 3.9 has been removed.
   - Support for PyPy 3.9 has been removed.

   **API Changes (Backward Compatible)**

   - Support for Python 3.14 has been added.

   **Bugfixes**

   - Headers marked as `sensitive` will no longer log their value at DEBUG level. Instead a placeholder value of `SENSITIVE_REDACTED` is logged.
   - Fixed perfect match missed for headers with empty values.
   - Restricted variable integer decoding to uint32 to prevent run-away computation. With thanks to `Hiroki Nishino`_.

   py-patiencediff: updated to 0.2.19

   0.2.19
   Support pyo3 0.29
   CI and dependency maintenance (ruff, actions/checkout, upload/download-artifact)

   py-filebytes: updated to 0.10.2

   0.10.2
   Unknown changes

   doc: Updated devel/argp to 1.5.0nb1

   argp: install shared library

   Bump PKGREVISION.

   Fixes xentools420 build, tested by gdt@ - thanks!

   PR bin/59635 - src/usr.bin/mail: fix post realloc() cleanup

   This is a rather hackish solution, much better would be to abandon the
   pointers altogether, and simply use message offsets (ints) into the array
   to provide the relationships between messages.

   Or abandon the message array (and the need for realloc() along with it)
   and replace it with a list.

   Both methods would achieve the aim of getting rid of the need to go and
   massage the data to keep things correct when a realloc moves things around.

   Either would require more changes in more places that this crude change,
   and to get this done before -11 gets released, the few changes the better.

   Another possibility would be to just revert to the adjustment method used
   in -10 (which looks like it should work to me - but I don't know why it
   was changed).


    [4 lines not shown]

   doc: Updated devel/p5-List-SomeUtils-XS to 0.59

   p5-List-SomeUtils-XS: update to 0.59.

   0.59     2026-06-22

   - Fix a heap buffer overflow in the pairwise function when it would return a very large list. Fixed
     by Paul Johnson.

   doc: Updated textproc/expat to 2.8.2

   expat: update to 2.8.2.

   Release 2.8.2 Thu June 25 2026
           Security fixes:
              #1246  CVE-2026-50219 -- Disallow calls to functions
                       `XML_GetBuffer`, `XML_Parse`, `XML_ParseBuffer`,
                       `XML_ParserFree`, `XML_ParserReset` to guard e.g.
                       Expat bindings from memory corruption;
                       this CPython issue is related:
                       https://github.com/python/cpython/issues/146169
              #1267  CVE-2026-56131 -- Protect XML_ResumeParser from being called
                                       from a handler, plugging a hole in the fix
                                       to CVE-2026-50219
              #1272  CVE-2026-56132 -- Fix out-of-bound scaffolding index store
                                       in `doProlog`
        #1229 #1232  CVE-2026-56403 -- Integer overflow in `storeAtts`
              #1249  CVE-2026-56404 -- Integer overflow in `addBinding`
              #1251  CVE-2026-56405 -- Integer overflow in `getAttributeId`
              #1255  CVE-2026-56406 -- Integer overflow in `XML_ParseBuffer`

    [70 lines not shown]

   expat 2.8.2 (security release) is out

   doc: Updated emulators/nono to 1.8.1